---
# Define resources for this group of hosts here.
# Add custom iptable rule to allow stage koji to talk to
# osbs-dev.fedorainfracloud.org (will move to stage osbs later, this is for the
# sake of testing).
custom_rules: ['-A OUTPUT -p tcp -m tcp -d 209.132.184.60 --dport 8443 -j ACCEPT']
docker_registry: "candidate-registry.stg.fedoraproject.org"
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
  - can_send:
      - logger.log
    group: sysadmin
    owner: root
    service: shell
  - can_send:
      - buildsys.build.state.change
      - buildsys.package.list.change
      - buildsys.repo.done
      - buildsys.repo.init
      - buildsys.rpm.sign
      - buildsys.tag
      - buildsys.task.state.change
      - buildsys.untag
    group: apache
    owner: root
    service: koji
ipa_client_shell_groups:
  - fi-apprentice
  - sysadmin-noc
  - sysadmin-osbs
  - sysadmin-releng
  - sysadmin-veteran
ipa_client_sudo_groups:
  - sysadmin-osbs
  - sysadmin-releng
ipa_host_group: kojihub
ipa_host_group_desc: Koji Hub hosts
koji_hub: "koji.stg.fedoraproject.org/kojihub"
koji_root: "koji.stg.fedoraproject.org/koji"
koji_server_url: "https://koji.stg.fedoraproject.org/kojihub"
koji_topurl: "https://kojipkgs.fedoraproject.org/"
koji_weburl: "https://koji.stg.fedoraproject.org/koji"
lvm_size: 250000
mem_size: 8192
# NOTE -- staging mounts read-only
nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3"
num_cpus: 8
osbs_url: "osbs.stg.fedoraproject.org"
source_registry: "registry.stg.fedoraproject.org"
# for systems that do not match the above - specify the same parameter in
# the host_vars/$hostname file
tcp_ports: [80, 443, 111, 2049,
  # These 8 ports are used by fedmsg.  One for each wsgi thread.
  3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007]
udp_ports: [111, 2049]
